MessagePack-CSharp JSON conversion lacks depth limit, risk of stack exhaustion
Multiple recursion paths in MessagePack-CSharp's JSON conversion helpers do not enforce depth limits, allowing stack exhaustion via attacker-controlled input.
What changed
The conversion helpers behind MessagePackSerializer.ConvertFromJson and ConvertToJson recurse once per nesting level of the input, and several of those recursion paths impose no depth limit. An attacker-supplied document nested deeply enough therefore exhausts the thread's stack; in .NET a stack overflow terminates the process rather than surfacing as a catchable exception, so this is a denial-of-service condition, not a handled error.
Who it affects
Applications calling MessagePackSerializer.ConvertFromJson or ConvertToJson on untrusted data, including gateways, diagnostics endpoints, migration tools, logging paths, and services converting between JSON and MessagePack.
What to do today
Upgrade MessagePack to the patched version once released. Until then, do not pass untrusted JSON to ConvertFromJson or untrusted MessagePack payloads to ConvertToJson, and enforce a nesting-depth limit on JSON before it reaches the converter.
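One way to apply the external depth check for the ConvertFromJson direction, as an added example that is not code from the MessagePack-CSharp project: the JSON is first walked with System.Text.Json's Utf8JsonReader, which enforces its own MaxDepth without building a tree, and only documents within the limit are handed to the converter. The limit of 32 and the SafeJsonConvert class name are assumptions; the MessagePack package must be referenced.

```csharp
using System;
using System.Text;
using System.Text.Json;
using MessagePack;

// Added example (not part of MessagePack-CSharp). Gates untrusted JSON on
// nesting depth before it reaches MessagePackSerializer.ConvertFromJson.
public static class SafeJsonConvert
{
    // Returns true when the document's nesting never exceeds maxDepth.
    // Utf8JsonReader is a forward-only tokenizer that throws JsonException as
    // soon as the depth limit is crossed, so a hostile payload is rejected in
    // bounded stack space; malformed JSON is rejected by the same path.
    public static bool IsWithinDepth(ReadOnlySpan<byte> utf8Json, int maxDepth)
    {
        var options = new JsonReaderOptions { MaxDepth = maxDepth };
        var reader = new Utf8JsonReader(utf8Json, options);
        try
        {
            while (reader.Read()) { }
            return true;
        }
        catch (JsonException)
        {
            return false;
        }
    }

    // Converts only after the depth gate passes. 32 is an assumed policy value;
    // set it to what your schemas actually require.
    public static byte[] ConvertFromUntrustedJson(string json, int maxDepth = 32)
    {
        byte[] utf8 = Encoding.UTF8.GetBytes(json);
        if (!IsWithinDepth(utf8, maxDepth))
            throw new InvalidOperationException(
                $"JSON rejected: nesting exceeds {maxDepth} or document is invalid");
        return MessagePackSerializer.ConvertFromJson(json);
    }

    public static void Main()
    {
        // Constructed inputs: a benign document and a 10,000-level array nest.
        string benign = "{\"user\":{\"roles\":[\"reader\",\"writer\"]}}";
        string hostile = new string('[', 10_000) + new string(']', 10_000);

        Console.WriteLine(ConvertFromUntrustedJson(benign).Length + " bytes");
        Console.WriteLine(IsWithinDepth(Encoding.UTF8.GetBytes(hostile), 32)
            ? "hostile accepted (unexpected)" : "hostile rejected at depth gate");
    }
}
```

The gate covers only the JSON-to-MessagePack direction; untrusted MessagePack passed to ConvertToJson still needs to be held back until the patched release is in place.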